Not only the GET method is vulnerable to BOF (CVE-2004-2271). HEAD and POSTmethods are also vulnerable. The difference is minimal, both are exploitedin the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length